11 args_Mod - starjun/starjun.github.io GitHub Wiki
args_Mod GET请求参数规则模块
该模块是整个访问控制规则的 第11步 用于配置GET请求参数的访问控制
[
{
"state": "on",
# 该条规则开关(on/off)
"hostname": ["*",""],
# host匹配规则;第一个参数:匹配内容,第二个:匹配方式,字符串等于(该条规则是匹配任意字符串)
"args": ["\\.\\./","jio"],
# args匹配规则;第一个参数:匹配内存,第二个:匹配方式,正则匹配
"action": "deny"
# 执行动作:拒绝(allow/deny/log)
},
{
"state": "on",
"hostname": ["*",""],
"args": ["\\:\\$","jio"],
"action": "deny"
},
{
"state": "on",
"hostname": ["*",""],
"args": ["\\$\\{","jio"],
"action": "deny"
},
{
"state": "on",
"hostname": ["*",""],
"args": ["select.+(from|limit)","jio"],
"action": "deny"
},
{
"state": "on",
"hostname": ["*",""],
"args": ["(?:(union(.*?)select))","jio"],
"action": "deny"
},
{
"state": "on",
"hostname": ["*",""],
"args": ["having|rongjitest","jio"],
"action": "deny"
},
{
"state": "on",
"hostname": ["*",""],
"args": ["sleep\\((\\s*)(\\d*)(\\s*)\\)","jio"],
"action": "deny"
},
{
"state": "on",
"hostname": ["*",""],
"args": ["benchmark\\((.*)\\,(.*)\\)","jio"],
"action": "deny"
},
{
"state": "on",
"hostname": ["*",""],
"args": ["base64_decode\\(","jio"],
"action": "deny"
},
{
"state": "on",
"hostname": ["*",""],
"args": ["(?:from\\W+information_schema\\W)","jio"],
"action": "deny"
},
{
"state": "on",
"hostname": ["*",""],
"args": ["(?:(?:current_)user|database|schema|connection_id)\\s*\\(","jio"],
"action": "deny"
},
{
"state": "on",
"hostname": ["*",""],
"args": ["(?:etc\\/\\W*passwd)","jio"],
"action": "deny"
},
{
"state": "on",
"hostname": ["*",""],
"args": ["into(\\s+)+(?:dump|out)file\\s*","jio"],
"action": "deny"
},
{
"state": "on",
"hostname": ["*",""],
"args": ["group\\s+by.+\\(","jio"],
"action": "deny"
},
{
"state": "on",
"hostname": ["*",""],
"args": ["(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\(","jio"],
"action": "deny"
},
{
"state": "on",
"hostname": ["*",""],
"args": ["xwork\\.MethodAccessor","jio"],
"action": "deny"
},
{
"state": "on",
"hostname": ["*",""],
"args": ["(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\\:\\/","jio"],
"action": "deny"
},
{
"state": "on",
"hostname": ["*",""],
"args": ["java\\.lang","jio"],
"action": "deny"
},
{
"state": "on",
"hostname": ["*",""],
"args": ["\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\\[","jio"],
"action": "deny"
},
{
"state": "on",
"hostname": ["*",""],
"args": ["\\<(iframe|script|body|img|layer|div|meta|style|base|object|input)","jio"],
"action": "deny"
},
{
"state": "on",
"hostname": ["*",""],
"args": ["(onmouseover|onerror|onload)\\=\t","jio"],
"action": "deny"
},
... # 下一条规则
]
数据请求样式
URI: http://%ip:%port/api/v2/config_dict
查询操作:
1:查询所有
GET/POST querystring:
action=get&mod=args_Mod
2:查询指定id (支持子节点查询,eg: 1@state)
GET/POST querystring:
action=get&mod=args_Mod&id=1
action=get&mod=host_method_Mod&id=1@state
设置操作:
1:修改整体
GET/POST querystring:
action=set&mod=args_Mod&value=
[
{
"state": "on",
"hostname": ["*",""],
"args": ["\\.\\./","jio"],
"action": "deny"
},
{
"state": "on",
"hostname": ["*",""],
"args": ["\\:\\$","jio"],
"action": "deny"
},
{
"state": "on",
"hostname": ["*",""],
"args": ["\\$\\{","jio"],
"action": "deny"
},
{
"state": "on",
"hostname": ["*",""],
"args": ["select.+(from|limit)","jio"],
"action": "deny"
}
]
2:修改单个
GET/POST querystring:
action=set&mod=args_Mod&id=1&value_type=json&value=
{
"state": "on",
"hostname": ["*",""],
"args": ["select.+(from|limit)","jio"],
"action": "deny"
}
删除操作:
1:删除单个
GET/POST querystring:
action=del&mod=args_Mod&id=1
添加操作:
1:添加单个
GET/POST querystring:
action=add&mod=args_Mod&value=
{
"state": "on",
"hostname": ["*",""],
"args": ["select.+(from|limit)","jio"],
"action": "deny"
}
返回消息:
服务器失败:http code ~= 200
服务器成功:{code="ok/error",msg=...}
code = error ,执行状态错误,msg 为错误内容